Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »


Product Name

CIS Hardened Images® (AWS)

Product Version

All

Date



Problem

I would like to increase the partition size in my Linux Hardened Image, but I am worried it will compromise security recommendations in place. Do you have any guidance or best practices on how to increase partition size without compromising the controls in place (either technically or the spirit of the controls themselves)?

Solution

A part of CIS hardening is dedicating a separate partition for /var/log specifically recommendation 1.1.15 “Ensure separate partition exists for /var/log”. Keeping the default size for /var/log to 6gb helps keep costs low by ensuring the AMIs use as little Block Storage as possible. However, it can certainly be resized for the end user’s needs. Deleting/re-creating the partition is certainly a viable option, the main hardening in line is ensuring it is separate from the rest of the system to protect against resource exhaustion and to protect audit data. However, when the partition is created and mounted, the security context is also changed via SELinux with the chcon -t var_log_t /mnt command (Mounted the created partition at /mnt while building). Also, keep in mind being in accordance with the benchmark and the noted impact of the recommendation.

Impact:

Resizing filesystems is a common activity in cloud-hosted servers. Separate filesystem partitions may prevent successful resizing, or may require the installation of additional tools solely for the purpose of resizing operations. The use of these additional tools may introduce their own security considerations.

Keywords; partition increase

Content by Label


Copyright © 2020

Center for Internet Security®


  • No labels